Salesforce is a risky choice for non-profits

Every year, non-profits sign up for Salesforce expecting a powerful, affordable solution, only to quietly discover the real cost. Not just in dollars, but in consultant hours, staff training, and the creeping realization that switching would cost even more. This post is about what to consider before you get there.

Competition is healthy, it pushes us all to improve, and we want organizations to find the best tools. However, in the 21 years since CiviCRM began serving nonprofits, we've seen too many non-profits fall for glossy marketing - for costly features that are never used because they are too complex, leading the nonprofit trapped in a long-term expensive contract. To that end, let's call out the elephant in the room: Salesforce.

In this case, I'm not shy to call them out. Salesforce has become huge, at least in the United States. It has good features and their marketing is unbeatable.  CiviCRM and Salesforce are very different solutions, but they are often compared. I wanted to take this opportunity to highlight a few differences.

Full disclaimer: I have been working with CiviCRM for 20 years, and have migrated organizations from Salesforce to CiviCRM. I also have a close relative who works at a non-profit that uses Salesforce. They contributed to this post, as have a few CiviCRM partners who work with both platforms.

Marketing

We can modestly say that CiviCRM competes well with Salesforce for non-profits, but not when it comes to marketing. We're not a billion dollar company, backed by large investors and who must answer to shareholders. We're hundreds of organizations working together. Some are organizations using CiviCRM, some are professional partner service providers, some are volunteers. We have a few modest funding sources, including from partners, from donors and from payment providers. Most of the money is spent on development, not marketing. Like most non-profits out there, we want your money to have the most impact.

Features

For many non-profits, CiviCRM can cover the vast majority of day-to-day CRM, fundraising, membership and event management needs at a fraction of the total cost of a Salesforce-based solution. Collaboration might take longer, but we go further together. If many startups have come and gone, CiviCRM is still there and innovating 20 years later.

We're also brutally honest. Does CiviCRM have the best user interface? Maybe not, but it's built using actual user input. Organizations should be aware that proprietary platforms can create switching costs that make future migrations more difficult. AI, for example, should be opt-in, and controlled by your organization.

Cost to implement and maintain

Budgeting can become difficult because costs often depend on a combination of user counts, products, add-ons and third-party applications. As organizations grow or adopt additional functionality, costs can increase in ways that are difficult to predict during initial procurement. If your organization has a bad year, it might have to make a difficult decision, to be cut off from your data.

On top of the licenses and hosting fees, you will need consultants. They might say that you won't need them, but you will need them. It's a complex platform, constantly evolving. Even if there are some "no-code" components, they are complex and require either training or consultants.

A common myth is that Salesforce is free for non-profits.  While Salesforce's former nonprofit solution NPSP (Nonprofit Success Pack), and their current solution NPC (Nonprofit Cloud) allow for 10 free licenses, unlike CiviCRM you can't start taking online donations, membership, or event registrations without adding additional tools. This adds complexity and cost, as all these add-on tools either have subscription costs or higher transaction fees.

Overall, if you are struggling with Salesforce, you will be told that you need to invest more. This or that component will help, at an extra cost. It will be a dilemma of sunk costs. Keep throwing money at it, hoping it eventually works, or cut your losses?

Security

Salesforce offers extremely granular permissions and a large ecosystem of third-party integrations. While this flexibility is powerful, it can also increase administrative complexity. Organizations without dedicated expertise may find it challenging to consistently audit access controls and integrations.

For example, when a data leak impacted more than 40 Salesforce customers in 2025, from AirFrance-KLM to Home Depot and IKEA, Salesforce blamed their customers, rather than the complexity of their systems. (see: TechCrunch article and Fortra.com analysis)

There are also concerns about how Salesforce uses client data to train Einstein and Agentforce. Salesforce has published a FAQ addressing these concerns, but the details are buried in the fine print and the subtitles are somewhat misleading.

Beyond vendor-level incidents, the security of the software itself is worth considering. Proprietary software typically has regular updates for "general maintenance and stability fixes". CiviCRM takes a different approach, by publishing detailed security reports. Whether that's more or less secure than proprietary software is debatable, but the transparency isn't. You and your software provider can have a better understanding and control of the impact on your data. Additionally, CiviCRM Standalone (a version that runs without a separate CMS) reduces your attack surface by keeping your software stack simple.

Data Sovereignty

Who actually controls your donor data? It's a question most non-profits don't ask until it's too late. Choosing the right CRM isn't just a technical decision. It's a question of organizational sovereignty.

Is CiviCRM any different? That's a safe bet. With CiviCRM, you own your data. You can host it wherever you want and you control who can access it. Not a pro? No problem, we have a wide range of experts, many of whom are based in your jurisdiction, whether it's the United States, Europe or elsewhere. You're also investing locally, into your local economy, local skills, in a community whose interests and values are more likely aligned with yours.

Large technology companies are increasingly influential in public policy debates, and their executives often make headlines for political statements. Whether you agree with those views or not, it serves as a reminder that when critical infrastructure depends on a single vendor, your organization is ultimately affected by decisions and priorities that it does not control. (see: TheVerge article)

You have a voice in the CiviCRM community

Salesforce may be the right choice for some organizations. But before committing, understand the long-term costs, dependencies and governance implications. A CRM is not just software. It becomes part of your organization's infrastructure. The decision you make today may shape your operations, budget and flexibility for the next decade.

If you choose CiviCRM, you're not simply buying a product, nor are you the product. You're joining a community that collectively builds and governs the software it relies on. You can contribute code, hire a local partner, or simply choose where your data lives. You're part of something built for people, not shareholders.